24 lines
877 B
Nix
24 lines
877 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
services.fprintd.enable = true;
|
|
|
|
security.pam.services.login.fprintAuth = true;
|
|
security.pam.services.sudo.fprintAuth = true;
|
|
# If you use swaylock and want fingerprint auth for it:
|
|
security.pam.services.swaylock.fprintAuth = true;
|
|
# Add Polkit rule to allow locally active users to manage their own fingerprints
|
|
security.polkit.extraConfig = ''
|
|
polkit.addRule(function(action, subject) {
|
|
if (action.id == "net.reactivated.fprint.device.enroll" ||
|
|
action.id == "net.reactivated.fprint.device.verify" ||
|
|
action.id == "net.reactivated.fprint.device.delete" ||
|
|
action.id == "net.reactivated.fprint.device.list") {
|
|
// Allow active, local users to manage their own fingerprints
|
|
if (subject.active && subject.local) {
|
|
return polkit.Result.YES;
|
|
}
|
|
}
|
|
});
|
|
'';
|
|
} |